Skip to content

Secure burner browser

This workflow launches a lightweight Linux desktop in an AerolVM sandbox, opens Chromium inside it, and publishes the UI over noVNC. Instead of handing a user your local browser or a long-lived shared VM, you give them a disposable browser session that can be created per click and destroyed on idle.

It is the browser-isolation version of a preview URL: the product surface is not just a web app running in the sandbox, but a full remote browser running inside the sandbox.

Code URL: https://github.com/aerol-ai/aerovm-examples/tree/main/customer-facing/secure-burner-browser

The reference example:

  • creates a sandbox with a keepalive container command so setup can happen incrementally,
  • uploads a bootstrap script that installs chromium, xvfb, x11vnc, novnc, and websockify,
  • reserves port 6080 with exposePort,
  • starts a long-running session that launches the desktop and browser, and
  • writes secure-burner-browser.json with the sandbox ID, session ID, preview URL, and start URL.

The desktop stack is easiest to bootstrap as root in a Debian-based image.

const sandbox = await client.create({
image: 'debian:bookworm',
osUser: 'root',
cpu: 1,
memoryMB: 2048,
diskGB: 8,
containerCommand: ['sh', '-lc', 'trap : TERM INT; while true; do sleep 3600; done'],
})

The reference example uploads a shell script that installs the desktop components and writes a run-browser-isolation.sh launcher inside the sandbox.

await sandbox.uploadFile(
'/workspace/browser-isolation/bootstrap.sh',
Buffer.from(bootstrapScript),
)

The desktop UI is just another exposed HTTP port. The noVNC page itself is served from vnc.html on that exposed base URL.

const exposure = await sandbox.exposePort(6080)
console.log(exposure.url)

The browser entry point is the exposed base URL plus vnc.html?autoconnect=1&resize=remote&reconnect=1.

The actual browser desktop should run as a session, not a one-shot exec. That gives you a stable process to reconnect to while the noVNC server keeps serving frames.

const session = await sandbox.createSession({
name: 'secure-burner-browser',
command: './run-browser-isolation.sh',
workDir: '/workspace/browser-isolation',
env: {
NOVNC_PORT: '6080',
START_URL: 'https://example.com',
},
})
  • A disposable Chromium instance running inside an isolated sandbox.
  • A browser-facing preview URL that opens straight into noVNC.
  • A long-running session ID you can track, stop, or destroy from your control plane.
  • A JSON artifact with the URLs and IDs your product backend needs to persist.
  • The current reference implementation uses noVNC, not WebRTC. It is a good fit for browser isolation and remote desktop previews, but not the final word on lowest-possible streaming latency.
  • The returned preview URL is the user-facing surface. Put your own auth and tenancy checks in front of it before exposing it to end users.
  • The example defaults to the Docker runtime for maximum compatibility with the desktop stack. If you want a tighter kernel boundary, validate your chosen browser image and X/VNC stack on runtime: "gvisor" before switching production traffic.
  • This pattern needs outbound network access because Chromium is meant to browse the public web.